Bug 1370435 - [networking_public_107] The service cannot be accessed when set the enableUnidling to false on node
Summary: [networking_public_107] The service cannot be accessed when set the enableUni...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Ben Bennett
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-26 10:23 UTC by Meng Bo
Modified: 2017-03-08 18:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The new unidling feature had a bug where it removed the service proxier when unidling was disabled. Consequence: The service would not work. Fix: Fix the bug. Result: The service works.
Clone Of:
Environment:
Last Closed: 2016-09-27 09:46:25 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 10667 0 None None None 2016-08-26 13:03:01 UTC
Red Hat Product Errata RHBA-2016:1933 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 13:24:36 UTC

Description Meng Bo 2016-08-26 10:23:42 UTC
Description of problem:
Modify the node-config to set the enableUnidling to false and restart the node service. Create service/pod and try to access the service and pod ip:port. The service ip cannot be accessed.

Version-Release number of selected component (if applicable):
openshift v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git


How reproducible:
always

Steps to Reproduce:
1. Setup multinode env with 1 master 1 node 
2. Modify the node-config on the node to set the enableUnidling to false
# cat node-config.yaml
dockerConfig:
  execHandlerName: ""
iptablesSyncPeriod: "30s"
kind: NodeConfig
enableUnidling: false
...
3. Restart the node service to make it works
4. Create service and rc
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/list_for_pods.json
$ oc get all -owide 
NAME               DESIRED         CURRENT       AGE         CONTAINER(S)   IMAGE(S)                SELECTOR
rc/test-rc         2               2             13m         test-pod       bmeng/hello-openshift   name=test-pods
NAME               CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE            SELECTOR
svc/test-service   172.30.144.29   <none>        27017/TCP   13m            name=test-pods
NAME               READY           STATUS        RESTARTS    AGE            IP         NODE
po/test-rc-3wqhb   1/1             Running       0           13m            10.1.0.3   host-8-172-121.host.centralci.eng.rdu2.redhat.com
po/test-rc-4b8ow   1/1             Running       0           13m            10.1.0.5   host-8-172-121.host.centralci.eng.rdu2.redhat.com

5. Try to access the svc from the pod
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 10.1.0.5:8080
Hello OpenShift!
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 10.1.0.3:8080
Hello OpenShift!
[root@fedora23 v3]# oc exec test-rc-3wqhb -- curl -s 172.30.144.29:27017
error: error executing remote command: error executing command in container: Error executing in Docker Container: 7

6. Check the iptables rules on the node 
# iptables -t nat -nL | grep 172.30.144.29

Actual results:
5. The service ip:port cannot be accessed from cluster.
6. Nothing found in iptables.

Expected results:
5. The service should be able to access from inside the cluster.

Additional info:

Comment 1 openshift-github-bot 2016-08-26 22:23:35 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/07c01a63a1cc783446494323ddd7e4b8a6b49e57
Restores the service proxier when unidling is disabled

The unidling code change had inadvertently removed the proxier when
idling was disabled.  This change restores the default proxier
(userspace or iptables depending on the config).

Bug 1370435

Comment 3 Meng Bo 2016-08-30 06:12:31 UTC
Tested on build v3.3.0.27, issue has been fixed.

The service can be accessed when setting the enableUnidling to false on nodes.

Comment 5 errata-xmlrpc 2016-09-27 09:46:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933


Note You need to log in before you can comment on or make changes to this bug.